On Thu, Jul 5, 2012 at 1:19 PM, John Nagle wrote:
> On 7/4/2012 7:07 PM, Daniel Veditz wrote:
>
>> If we implement cert pinning we'll either have to allow that kind of
>> business to disable it, or write off our users who work for
>> companies with that kind of control freakery. It's more common t
Suggestion:
"Program is attempting to on . If you expected it to, tap
here. If not, tap below."
Then, if the same permission dialog keeps happening at the same point in the same process, and the user has
never said "no", allow the option to save a "just say yes" or "just say no" for
that
On Thu, Mar 29, 2012 at 8:38 AM, John Nagle wrote:
>>> Anything that takes a credit card should have at least "organization
>>> validated".
>> Can you actually think of a reason for that?
> Anonymous online businesses are illegal.
>
> It's a criminal offense in California to accept a credit card
(I mentioned this to mgoodwin in the #security channel on
irc.mozilla.org, and he suggested I bring it here.)
Waking from the Email Key Management Nightmare
(or, Solving the Message Accessibility After Hardware Death Problem)
(and, Solving the Key Distribution Problem Without Trent's Directory)
C
On Wed, Jan 11, 2012 at 9:36 AM, Gervase Markham wrote:
Mozilla needs a space in between "public" and "security group" (or
"employees"). We've needed one for a long time; this is just another
manifestation of the issue.
So how about representation of the users' interests within the "security
This sounds like something a bug needs to be filed on.
If you have openssl, can you do:
openssl s_client -connect 192.168.168.132 -showcerts
and send the dump thereof?
My instant thought is that there might be an IP address in a
subjectAltName entry of type dNSName, or an IP in the Common Name
Not everything is necessarily the browser's fault. This could be, for example,
other malware. (I'm not saying that it is, just suggesting that it may be
environment-based.)
That said, it's hard to figure out where a security problem is if the only
thing that can be seen is what's been left b
(replying to a message on dev-security at mozilla, but since this
affects OpenSSL more than Mozilla, I'm sending this one directly to
openssl-users and bcc:ing dev-security. I hope the spam filter lets
it through.)
When handled properly (i.e., you don't rely on anything before the
renegotiation,
then why not create an internal build of Firefox, embed your own root
into it, and issue certificates from that root to the boxes that need
it?
Oh yeah, because people use computers for more than one purpose. A
home machine can be used to VPN into work.
Wake up, Mozilla. Your policy is not usef
[Please follow-up to dev-security-policy -- which is where most things
having to do with CA and browser interaction policies are discussed.]
I'm trying to figure out how much of the OCSP slowness and server
underpowering is due to the sizes of the keys used, or limitations of
the HSMs (and drivers
On Tue, Aug 26, 2008 at 4:58 PM, Michael Lefevre
<[EMAIL PROTECTED]> wrote:
> Kyle Hamilton wrote:
>> Hi, I'm trying to figure out (for testing purposes only -- I need to
>> verify a certificate on a POP3 server) if there's a way to override
>> Firefox 3
Hi, I'm trying to figure out (for testing purposes only -- I need to
verify a certificate on a POP3 server) if there's a way to override
Firefox 3's internal port blocking.
The port in question is 995, which is POP3/secure.
Of course, I'd very much like to understand why this happens:
"Port Rest
I actually did see the EV chrome indicator, but my network latency was
fairly high. (If you want to simulate this, try torrenting Ubuntu.)
It appeared to be a time-delay thing (based on 'oh hey, we've got an
EV-validated connection') as opposed to a content-delay thing (such as
"oh hey, this is a
ed (this is separate from the "SSL to non-SSL" config preference
which isn't enabled by default).
Thanks,
-Kyle H
On Thu, Jul 3, 2008 at 9:09 PM, Nelson Bolyard
<[EMAIL PROTECTED]> wrote:
> Kyle Hamilton wrote, On 2008-07-03 19:51:
>> https://www.paypal.com/c
14 matches